From 9a3d0dc062e4ebcafdc399ed8522df97066b139e Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 7 Oct 2010 22:06:42 +1100 Subject: - djm@cvs.openbsd.org 2010/10/01 23:05:32 [cipher-3des1.c cipher-bf1.c cipher-ctr.c openbsd-compat/openssl-compat.h] adapt to API changes in openssl-1.0.0a NB. contains compat code to select correct API for older OpenSSL --- openbsd-compat/openssl-compat.h | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'openbsd-compat/openssl-compat.h') diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index b7caa650c..beb81f420 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.15 2010/05/12 07:50:02 djm Exp $ */ +/* $Id: openssl-compat.h,v 1.16 2010/10/07 11:06:44 djm Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -17,6 +17,7 @@ */ #include "includes.h" +#include #include #include #include @@ -39,6 +40,12 @@ # define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) #endif +#if OPENSSL_VERSION_NUMBER < 0x1000000fL +# define LIBCRYPTO_EVP_INL_TYPE unsigned int +#else +# define LIBCRYPTO_EVP_INL_TYPE size_t +#endif + #if (OPENSSL_VERSION_NUMBER < 0x00907000L) || defined(OPENSSL_LOBOTOMISED_AES) # define USE_BUILTIN_RIJNDAEL #endif -- cgit v1.2.3 From ebdef76b5df3c33b05128b4fb2cc484427f99ca6 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 4 Dec 2010 23:20:50 +1100 Subject: - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add shims for the new, non-deprecated OpenSSL key generation functions for platforms that don't have the new interfaces. --- ChangeLog | 3 ++ configure.ac | 6 ++-- moduli.c | 2 ++ openbsd-compat/openssl-compat.c | 64 ++++++++++++++++++++++++++++++++++++++++- openbsd-compat/openssl-compat.h | 15 +++++++++- 5 files changed, 86 insertions(+), 4 deletions(-) (limited to 'openbsd-compat/openssl-compat.h') diff --git a/ChangeLog b/ChangeLog index 7e416859f..7b94b59e5 100644 
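Review bot: In the `@@ -39,6 +40,12 @@` hunk of openbsd-compat/openssl-compat.h, `LIBCRYPTO_EVP_INL_TYPE` is introduced with no comment saying which OpenSSL parameter it mirrors, and a wrong choice here is an ABI mismatch rather than a cosmetic one. Judging by the commit message and the macro name, it is presumably the length argument of the EVP cipher callbacks in cipher-3des1.c, cipher-bf1.c and cipher-ctr.c, whose type changed at the 1.0.0 release that `0x1000000fL` encodes; I would add `/* Type of the length argument to EVP do_cipher callbacks: unsigned int before OpenSSL 1.0.0, size_t from 1.0.0 on */` above the `#if`. The selection keys on the header version number alone, so a libcrypto whose headers report a pre-1.0.0 version but already declare the `size_t` prototype would pick the wrong width on LP64 platforms; a configure-time probe of the prototype would be more robust if such builds exist.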
--- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ 20101204 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range) instead of (arc4random() % range) + - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add + shims for the new, non-deprecated OpenSSL key generation functions for + platforms that don't have the new interfaces. 20101201 - OpenBSD CVS Sync diff --git a/configure.ac b/configure.ac index c3700d8dd..0ea76c8fd 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.458 2010/11/08 22:26:23 tim Exp $ +# $Id: configure.ac,v 1.459 2010/12/04 12:20:50 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.458 $) +AC_REVISION($Revision: 1.459 $) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) @@ -2136,6 +2136,8 @@ int main(void) { SSLeay_add_all_algorithms(); } ] ) +AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex) + AC_ARG_WITH(ssl-engine, [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], [ if test "x$withval" != "xno" ; then diff --git a/moduli.c b/moduli.c index 2c2b388c7..2964a8b3d 100644 --- a/moduli.c +++ b/moduli.c @@ -54,6 +54,8 @@ #include "dh.h" #include "log.h" +#include "openbsd-compat/openssl-compat.h" + /* * File output defines */ diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index c9bb7cb50..e2d090cf1 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.c,v 1.10 2010/11/22 06:59:00 dtucker Exp $ */ +/* $Id: openssl-compat.c,v 1.11 2010/12/04 12:20:50 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker 
@@ -18,11 +18,16 @@ #include "includes.h" +#include +#include + #ifdef USE_OPENSSL_ENGINE # include # include #endif +#include "log.h" + #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS #include "openssl-compat.h" @@ -59,6 +64,63 @@ ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt) } #endif +#ifndef HAVE_BN_IS_PRIME_EX +int +BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, void *cb) +{ + if (cb != NULL) + fatal("%s: callback args not supported", __func__); + return BN_is_prime(p, nchecks, NULL, ctx, NULL); +} +#endif + +#ifndef HAVE_RSA_GENERATE_KEY_EX +int +RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *bn_e, void *cb) +{ + RSA *new_rsa, tmp_rsa; + unsigned long e; + + sleep(1); + if (cb != NULL) + fatal("%s: callback args not supported", __func__); + e = BN_get_word(bn_e); + if (e == 0xffffffffL) + fatal("%s: value of e too large", __func__); + new_rsa = RSA_generate_key(bits, e, NULL, NULL); + if (new_rsa == NULL) + return 0; + /* swap rsa/new_rsa then free new_rsa */ + tmp_rsa = *rsa; + *rsa = *new_rsa; + *new_rsa = tmp_rsa; + RSA_free(new_rsa); + return 1; +} +#endif + +#ifndef HAVE_DSA_GENERATE_PARAMETERS_EX +int +DSA_generate_parameters_ex(DSA *dsa, int bits, const unsigned char *seed, + int seed_len, int *counter_ret, unsigned long *h_ret, void *cb) +{ + DSA *new_dsa, tmp_dsa; + + if (cb != NULL) + fatal("%s: callback args not supported", __func__); + new_dsa = DSA_generate_parameters(bits, (unsigned char *)seed, seed_len, + counter_ret, h_ret, NULL, NULL); + if (new_dsa == NULL) + return 0; + /* swap dsa/new_dsa then free new_dsa */ + tmp_dsa = *dsa; + *dsa = *new_dsa; + *new_dsa = tmp_dsa; + DSA_free(new_dsa); + return 1; +} +#endif + #ifdef USE_OPENSSL_ENGINE void ssh_SSLeay_add_all_algorithms(void) diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index beb81f420..c0ca20aaf 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h 
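Review bot: In the `@@ -59,6 +64,63 @@` hunk of openbsd-compat/openssl-compat.c, the `RSA_generate_key_ex` shim tests `e == 0xffffffffL` to detect an exponent that does not fit, but where `unsigned long` is 64 bits the value `BN_get_word` returns for an oversized number is, as far as I know, all bits set rather than `0xffffffff`, so the overflow would go undetected and an all-ones word would be passed to `RSA_generate_key`. Checking the size before the conversion avoids depending on the sentinel: `if (BN_num_bits(bn_e) > (int)sizeof(e) * 8) fatal("%s: value of e too large", __func__);`. The unconditional `sleep(1);` at the top of the same function delays every RSA key generation by a second and looks like a debugging leftover; I would drop it. The RSA and DSA shims also swap whole structures by value, which moves the reference count and ex_data along with the key material, so a comment stating that the caller must pass a freshly allocated, unshared object would be worth adding.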
@@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.16 2010/10/07 11:06:44 djm Exp $ */ +/* $Id: openssl-compat.h,v 1.17 2010/12/04 12:20:50 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -108,6 +108,19 @@ extern const EVP_CIPHER *evp_acss(void); # define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms() # endif +# ifndef HAVE_BN_IS_PRIME_EX +int BN_is_prime_ex(const BIGNUM *, int, BN_CTX *, void *); +# endif + +# ifndef HAVE_DSA_GENERATE_PARAMETERS_EX +int DSA_generate_parameters_ex(DSA *, int, const unsigned char *, int, int *, + unsigned long *, void *); +# endif + +# ifndef HAVE_RSA_GENERATE_KEY_EX +int RSA_generate_key_ex(RSA *, int, BIGNUM *, void *); +# endif + int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, unsigned char *, int); int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); -- cgit v1.2.3 From 79241377df7fdd34a05d0565c7c5fb48ef6492a5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 22 Jan 2011 09:37:01 +1100 Subject: - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add RSA_get_default_method() for the benefit of openssl versions that don't have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, ok djm@. --- ChangeLog | 6 ++++++ configure.ac | 6 +++--- openbsd-compat/openssl-compat.c | 14 +++++++++++++- openbsd-compat/openssl-compat.h | 6 +++++- 4 files changed, 27 insertions(+), 5 deletions(-) (limited to 'openbsd-compat/openssl-compat.h') diff --git a/ChangeLog b/ChangeLog index 53c987f1b..78196a7c2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20110122 + - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add + RSA_get_default_method() for the benefit of openssl versions that don't + have it (at least openssl-engine-0.9.6b). Found and tested by Kevin Brott, + ok djm@. + 20110119 - (tim) [contrib/caldera/openssh.spec] Use CFLAGS from Makefile instead of RPM so build completes. Signatures were changed to .asc since 4.1p1. 
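Review bot: In the `@@ -108,6 +108,19 @@` hunk of openbsd-compat/openssl-compat.h, the three shim prototypes declare the callback parameter as `void *` and carry no comment, so nothing at the declaration tells a caller that the fallback implementations call `fatal()` on any non-NULL callback. I would add `/* Fallbacks for libcrypto without the *_ex interfaces; the callback argument must be NULL */` above the first `# ifndef`. The nested `# ifndef` indentation and the neighbouring `ssh_*` declarations suggest these sit inside the block that is skipped when `SSH_DONT_OVERLOAD_OPENSSL_FUNCS` is defined, which openssl-compat.c defines before including this header; if so, the definitions are compiled without their prototypes in scope and a signature mismatch would not be diagnosed, so the declarations may belong outside that block. The enclosing conditional starts outside the hunk.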
diff --git a/configure.ac b/configure.ac index 208896ed8..769e83594 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.468 2011/01/19 12:12:30 djm Exp $ +# $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) -AC_REVISION($Revision: 1.468 $) +AC_REVISION($Revision: 1.469 $) AC_CONFIG_SRCDIR([ssh.c]) # local macros @@ -2180,7 +2180,7 @@ int main(void) { SSLeay_add_all_algorithms(); } ] ) -AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex) +AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex RSA_get_default_method) AC_ARG_WITH(ssl-engine, [ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ], diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index eb5ae7f85..b617fdf19 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.c,v 1.12 2010/12/04 21:46:05 dtucker Exp $ */ +/* $Id: openssl-compat.c,v 1.13 2011/01/21 22:37:06 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -26,6 +26,10 @@ # include #endif +#ifndef HAVE_RSA_GET_DEFAULT_METHOD +# include +#endif + #include "log.h" #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS @@ -120,6 +124,14 @@ DSA_generate_parameters_ex(DSA *dsa, int bits, const unsigned char *seed, } #endif +#ifndef HAVE_RSA_GET_DEFAULT_METHOD +RSA_METHOD * +RSA_get_default_method(void) +{ + return RSA_PKCS1_SSLeay(); +} +#endif + #ifdef USE_OPENSSL_ENGINE void ssh_SSLeay_add_all_algorithms(void) diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index c0ca20aaf..6d4f3f215 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h 
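Review bot: In the `@@ -120,6 +124,14 @@` hunk of openbsd-compat/openssl-compat.c, the `RSA_get_default_method` fallback always returns `RSA_PKCS1_SSLeay()`, i.e. the built-in software method, and nothing records that it therefore cannot reflect a default installed by other means (for example by an ENGINE, given that the commit message names an openssl-engine build). A one-line comment such as `/* Fallback: always the built-in PKCS#1 method; ignores any default set by other means */` would make that limitation visible to callers. As far as I know, later OpenSSL releases declare this function as returning `const RSA_METHOD *`, so callers written against the shim's non-const `RSA_METHOD *` should not modify the returned table.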
@@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.17 2010/12/04 12:20:50 dtucker Exp $ */ +/* $Id: openssl-compat.h,v 1.18 2011/01/21 22:37:06 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -78,6 +78,10 @@ extern const EVP_CIPHER *evp_acss(void); # define EVP_CIPHER_CTX_key_length(c) ((c)->key_len) #endif +#ifndef HAVE_RSA_GET_DEFAULT_METHOD +RSA_METHOD *RSA_get_default_method(void); +#endif + /* * We overload some of the OpenSSL crypto functions with ssh_* equivalents * which cater for older and/or less featureful OpenSSL version. -- cgit v1.2.3